A vulnerability in the Google browser gave access to our personal data

In December, the Positive Technologies researcher , Sergey Toshin, had discovered a very dangerous vulnerability that concerned Google's Chromium browser , an engine that also runs the most popular Google Chrome. This vulnerability, if properly exploited, would have fed the hackers our personal data on our devices.

Upon learning of the bug, Google promptly solved the problem through security patches by disguising the fix as a high severity vulnerability with "insufficient policy enforcement". Only after the official Positive Technologies report was the real problem communicated: the error concerned the WebView component of Android, which is commonly used to display pages within applications developed for the green robot system. The vulnerability existed within the Google Chromium engine and was present in all versions of Android ranging from 4.4 up to the next.

The hackers could have exploited the vulnerability by connecting users to a malicious instant application that allowed them to run a small file, thus giving them access to the smartphone's hardware. Once arrived at the hardware it would have been child's play to intercept the data that the user exchanged with the applications on his phone. Leigh-Anne Galloway, head of IT security resiliency at Positive Technologies, said: "After an update containing a malicious payload, these applications could read the information from WebView. This allows access to the browser history, authentication tokens commonly used for accessing mobile apps and other important data ".

Security patches have definitely fixed the bug; users running Android 7.0 or later must have updated their Google Chrome browser in January ; otherwise, if your Android version is older than Nougat, you will need to update the WebView application via Google Play.